- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Fri, 01 Nov 2013 14:12:50 +0100
- To: Bjoern Hoehrmann <derhoermi@gmx.net>, Julian Reschke <julian.reschke@greenbytes.de>
- CC: Stephen Kent <kent@bbn.com>, secdir <secdir@ietf.org>, Barry Leiba <barryleiba@computer.org>, Pete Resnick <presnick@qti.qualcomm.com>, "Mankin, Allison" <amankin@verisign.com>, HTTP Working Group <ietf-http-wg@w3.org>
On 2013-10-31 16:05, Bjoern Hoehrmann wrote: > * Julian Reschke wrote: >> On 2013-10-31 15:44, Bjoern Hoehrmann wrote: >>> I think doing s/encryption/authentication/ instead would be better. >>> There is no reason to discuss confidentiality here. Encryption and other >>> cryptographic techniques are used in many authentication schemes, like >>> with client certificates; that may have been the idea behind the text. >> >> "authentication on the transport layer"? > > Applying my suggestion would make the text read, > > The HTTP protocol does not restrict applications to this simple > challenge-response framework for access authentication. Additional > mechanisms MAY be used, such as authentication at the transport > level or via message encapsulation, and with additional header fields > specifying authentication information. However, such additional > mechanisms are not defined by this specification. > > (The MAY might be better as "can".) > ... OK, applied with <http://trac.tools.ietf.org/wg/httpbis/trac/changeset/2463>. Best regards, Julian
Received on Friday, 1 November 2013 13:13:35 UTC